OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  New Functionx for XACML 3.0

    Posted 10-04-2007 04:14
    I'd like to propose a number of new functions for the 3.0 release of XACML.
    The new functions in the current 3.0 draft are predominantly conversion
    functions, such as "boolean-to-string".
    
    I think we should take the opportunity to add some string manipulation
    functions that have simple mappings to underlying functions in common
    programming languages.  For example, "string-starts-with" and
    "string-ends-with".  At the moment this functionality can be only
    implemented using regular expressions, which is computationally expensive,
    or non-standard functions such as those available in BEA's WebLogic Server
    (http://edocs.bea.com/wls/docs92/secwlres/xacmlref.html#wp1097027).
    
    As a starting point, I'd like to propose the following functions:
     - 


  • 2.  RE: [xacml] New Functionx for XACML 3.0

    Posted 10-04-2007 18:53
    How about we pick up the string handling functions from XPath 2.0
    function library?    That may simplify implementation.
    We would need to generalize its semantics to deal with XACML data model,
    but the basic functionality (and names) should be similar.
    
    I am not sure what an "integer-contains" function would mean.
    
    Daniel;
    
    


  • 3.  RE: [xacml] New Functionx for XACML 3.0

    Posted 10-05-2007 00:36
    Hi Daniel,
    
    Perhaps there's value in defining some to generic way to call XPath 2.0
    functions in an XACML policy?  However, I think most of the XPath 2.0
    functions already have equivalents in XACML 2.0, so it's probably easier
    just to extend the XACML functions to fill in the gaps.
    
    >> I am not sure what an "integer-contains" function would mean.
    
    By 


  • 4.  RE: [xacml] New Functionx for XACML 3.0

    Posted 10-05-2007 23:24